Which three options are best practices for implementing a DMVPN? (Choose three.)
A.
Use IPsec in tunnel mode.
B.
Implement Dead Peer Detection to detect communication loss.
C.
Configure AES for encryption of transported data.
D.
Configure SHA-1 for encryption of transported data.
E.
Deploy IPsec hardware acceleration to minimize router memory overhead.
Configure QoS services only on the head-end router.
I will say BCE
A incorrect (transport mode preferred)
D incorrect (SHA for hash not encrypt)
I think the same, BCE is correct
Answer: A,B,C
Explanation:
Best Practices Summary for Hub-and-Spoke Deployment Model
This section describes the best practices for a dual DMVPN cloud topology with the hub-and-spoke deployment, supporting IP multicast (IPmc) traffic including routing protocols.
The following are general best practices:
• Use IPsec in transport mode
• Configure Triple DES (3DES) or AES for encryption of transported data (exports of encryption algorithms to certain countries may be prohibited by law).
• Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication between peers.
• Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with low latency and jitter requirements, and for the highest performance for cost.
• Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or using Path MTU Discovery (PMTUD).
• Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication.
• Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization for dynamic routing.
• Set up QoS service policies as appropriate on headend and branch router interfaces to help alleviate interface congestion issues and to attempt to keep higher priority traffic from being dropped during times of congestion.
Reference:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVPN_1.html
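The best-practice list above maps onto a hub configuration like the following. This is an added example for illustration, not from the Cisco design guide or any post on this page; the addresses, interface name, EIGRP AS number, NHRP key and the transform-set/profile names are assumed, and the PKI trustpoint enrollment that `authentication rsa-sig` relies on is not shown.

```cisco
! --- IKE phase 1: AES for encryption, SHA for integrity (hash), certificates for auth ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication rsa-sig
 group 14
! Dead Peer Detection: probe a quiet peer every 10 s, retry every 3 s before tearing down
crypto isakmp keepalive 10 3 periodic
!
! --- IPsec phase 2: AES + SHA-HMAC in TRANSPORT mode (mGRE already supplies the outer IP header,
!     so tunnel mode would only add a second one and more per-packet overhead) ---
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! --- mGRE tunnel on the hub (assumed addressing: 10.0.0.0/24 for the DMVPN cloud) ---
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ! Keep fragmentation down: lower the MTU and clamp TCP MSS for the GRE + IPsec overhead
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication NHRPKEY
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! Dynamic routing with summarization: hub advertises one summary for its 10.1.0.0/16 sites
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 10.1.0.0 0.0.255.255
```

Spokes use the same transform set in transport mode and carry the DPD keepalive, which is where the guide places it; QoS service policies are applied per interface on both hub and branch routers rather than on the head end alone.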
Cisco document suggests Tunnel Mode – see Topic “Best Practices Summary for Hub-and-Spoke Deployment Model” in URL below
http://docstore.mik.ua/univercd/cc/td/doc/solution/dmvpn_x.pdf
I also all these years thought Transport mode makes more sense for DMVPN. Not sure if it is a typo error in this doc.
I would also say that E is incorrect because hardware accelerator will minimise CPU overhead, but not have anything to do with memory.
I have now 2 documents, one saying transport mode and the other tunnel mode, and both are Cisco DMVPN Design Guide !!!!
DMVPN = mGRE so endpoint IPs are routable, transport is now best practice.
Probably wasn’t when this document was written.